Self-hosted · Agent-Server Architecture

Server Management Made Simple One Platform for All Your Servers

Deploy a lightweight agent and get unified management, real-time monitoring, and security protection for all your servers.

Explore FeaturesView Plans
Welcome to the Baize community

Join the Discord community to exchange deployment experience, product questions, and feedback with other Baize users.

Join Discord
<2%
CPU Overhead
<50MB
Memory
80%+
Compression
web-01db-01edge-01web-02edge-szweb-03
Live Control Surface
LIVE
Node Overview
web-prod-03
Application Node
43ms
Healthy
edge-sz
Edge Node
28ms
Healthy
db-01
Data Node
61ms
Watch
Execution Feed
$ssh web-prod-03
$run batched nginx config inspection
$sync latest block rules to edge-sz
$archive execution result and audit record
Defense State
New coordinated defense rules have synced to the edge node group
From node-side discovery to central convergence and final broadcast, the whole process stays traceable.
Audit Summary
1Executor identity stays bound to node scope
2Policy delivery records can be replayed by time
3Abnormal events link to remediation actions automatically
Core Capabilities

One platform to solve all server management challenges

Live

Asset Management

Auto-discover and onboard servers, track real-time status, and organize with flexible grouping.

Live

Full-stack Monitoring

Real-time metrics for system resources, Nginx, Docker, SSL certificates with rich visualization.

Live

Security Protection

Edge WAF for real-time blocking, SSH brute-force detection, cluster-wide IP ban synchronization.

Live

Remote Operations

Web terminal, batch command execution, file distribution — all operations fully recorded and audited.

Live

Task Orchestration

Distributed cron management, multi-node coordination, centralized result collection.

Live

Smart Alerts

Rule engine + alert escalation + silence policies, multi-channel via Webhook, Email, Telegram.

Architecture

Edge Intelligence · Central Orchestration

Baize ServerAPI & WebSocket GatewayMonitoring & Metricsmetrics-engineControl APIstask-dispatcherRealtime State & Schedulerstate-storeAlert & Audit Hubalert-brokerAudit Logs & DB · PostgreSQL / RedisAGENT NODESweb-01Application Nodeweb-02Application Nodedb-01Data Nodeedge-01Edge NodeMore nodes…Clients & OpenWeb ConsoleMobile AppOpen APICLI ToolMetric UploadTask DispatchClient IngressResult ReturnAudit IngestMetric UploadTask DispatchClient IngressResult ReturnAudit Ingest
AI Copilot Planned

Intelligent Ops Assistant

AI capabilities are being integrated across modules to assist operational decisions.

Anomaly detectedNode: web-prod-01Event: SSH brute-force28 fail/min · srcIP 192.168.1.100AI CoreAnalyze payloadGenerate responseAI Insight & CommandReasoning· High-frequency SSH auth· failures from 192.168.1.100· — suggest blocking via WAF.$ baize waf block 192.168.1.100

Terminal Intelligence

Command suggestions, error diagnosis, risk alerts.

Config Analysis

Nginx config review, performance optimization, log interpretation.

Container Insights

Container health analysis, resource optimization, log pattern recognition.

Security Analysis

Attack pattern analysis, false-positive identification, policy tuning.

Collaborative Defense

Three Layers · Cluster-wide Response

Attack TrafficDDoS / CC / Brute ForceL1 · Edge FilteringFast interception on nodesAbnormal request patterns blockedL2 · Central AnalysisBehavior correlation analysisAuto-generated joint policiesL3 · Cluster-wide Defenseweb-01✓ blockedweb-02✓ blockedweb-03✓ blockeddb-01✓ blocked
1Attack Triggered
2Edge Blocking
3Pattern Analysis
4Policy Distribution
5Cluster Blocking
09:13

Abnormal request spike emerges

An external IP cluster bursts SSH ports and login endpoints on web-prod-*; agent-side detection captures the anomaly and pushes raw packet signatures and rate fingerprints to the center.

09:14

Edge L1 blocks locally

Agent-side WAF returns 403/429 within ~80ms for rule-matched requests; suspicious traffic that does not yet match is tagged and forwarded, avoiding collateral damage to legitimate users.

09:15

Center attributes and aggregates the behavior

Origin IP ranges, matched rules, affected nodes, and false-positive rate converge in one unified view; same-ASN / same-UA requests are auto-clustered and the result is written to a situation snapshot.

09:16

New policies broadcast to the related node group

WAF block-list and rate-limit rules reach web-01 / web-02 / web-03 / db-01 in roughly 1.2s; rule version, match conditions, and effective time are written to a policy snapshot for canary rollback.

09:18

Cluster ban complete · result lands in audit

The audit center records the operator (ops/baize), rule diff (+12 IPs / -3 false positives), affected nodes, effective timestamp, and next review time — the full event chain can be replayed or this block undone in one click.

Comparison

Say goodbye to scattered tools, embrace unified platform

TraditionalParallel tools, fragmented pathsMonitoringBastionWAFScriptsAuditNode GroupBAIZEBaizeUnified ingress, control, and auditIngressingressBaize Servercontrol · scheduleraudit-brokerNode Groupagent clusterAudit Chain
Traditional
  • Multiple tools, constant switching, low efficiency
  • Security policies configured server by server, easy to miss
  • No unified audit for operations, hard to trace
  • Scaling relies on manual scripts, error-prone
Baize
  • One platform, unified management, highly efficient
  • Security policies distributed cluster-wide, instant effect
  • All operations fully recorded, traceable and auditable
  • New nodes onboarded with one command, auto-registered
Quick Start

Get started in 3 steps

01

Deploy Server

Clone the public deploy repo and run scripts/install.sh to bring up PostgreSQL / Redis / Server / Web with Docker Compose.

02

Install Agent

Run install-agent.sh on the managed host to auto-register.

03

Start Managing

Open the console and view real-time status of all servers.

install.sh
install.sh
$ git clone https://github.com/ysfl/baize.git && cd baize
$ bash scripts/install.sh --yes --public-url https://baize.example.com
✓ Web http://<server-ip>:8088 · API :22501
agent-install.sh
agent-install.sh
$ bash scripts/install-agent.sh --server https://baize.example.com --token <token>
● Agent installed
✓ Connected & registered
$ bash scripts/check-install.sh
All nodes healthy. Open console →
Baize Console Live
Nodes
12
Avg CPU
17%
Online
100%
Open alerts
2
Recent events
web-01 connected and finished its first heartbeat
Policy broadcast to 4 nodes (1.2s)
L1 blocked 286 abnormal requests in last 5min